Summary
This host is running Cybozu Office, Cybozu Garoon, Cybozu Dezie or Cybozu MailWise and is prone to cross site scripting vulnerability.
Impact
Successful exploitation could allow remote attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Impact Level: Application
Solution
Upgrade to Cybozu Garoon version 2.5.0, Cybozu Office version 7 Cybozu Dezie version 6.1, Cybozu Mailwise version 3.1 or later.
For updates refer to http://products.cybozu.co.jp/
Insight
The flaw is caused by improper validation of unspecified input related to downloading images from the mail system, which allows attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Affected
Cybozu Office version 6
Cybozu Dezie versions before 6.1
Cybozu MailWise versions before 3.1
Cybozu Garoon versions 2.0.0 through 2.1.3
References
Severity
Classification
-
CVE CVE-2011-1334 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- Apache Solr Directory Traversal Vulnerability Jan-14
- Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
- 2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
- Apache CouchDB Cross Site Request Forgery Vulnerability